CVE-2024-44087
CVE-2024-44087
In short
A flaw in Automation License Manager allows attackers to send specially crafted network packets that cause the application to crash, preventing users from verifying software licenses. No authentication is required to exploit this.
Technical detail
The vulnerability is an integer overflow (CWE-190) in packet field validation on port 4410/tcp, exploitable by unauthenticated remote attackers without authentication. Successful exploitation causes denial of service by crashing the license manager, blocking license verification for dependent applications.
Summary generated and translated by AI from the official description.
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Affected products
Siemens · Automation License Manager V5Siemens · Automation License Manager V6.0Siemens · Automation License Manager V6.2Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →